GHSA-hc55-p739-j48w: @modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix

GHSA-q66q-fx2p-7w4m: @modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling

GHSA-h34r-jxqm-qgpr: juju/utils leaks private key in certs

GHSA-xg8h-j46f-w952: Pillow vulnerability can cause write buffer overflow on BCn encoding

GHSA-3m86-c9x3-vwm9: Graylog vulnerable to privilege escalation through API tokens

Command execution vulnerability in the ActionEnter Class ins jfinal CMS version 5.1.0 allows attackers to execute arbitrary code via a created json file to the ueditor route.

**Arbitrary code execution in jfinal CMS**

Critical severity GitHub Reviewed Published Apr 28, 2023 to the GitHub Advisory Database • Updated May 1, 2023

Headline

GHSA-gh24-c683-79r2: Arbitrary code execution in jfinal CMS

ghsa: Latest News